Main Navigation

Weekly office hours support U Cybersecurity Program efforts

The concept of “office hours” has its roots in academia. Though it’s increasingly common to host office hours virtually and rely on technologies like Teams polls and spreadsheets, traditionally, they were a time when students met with professors one-on-one — a dedicated spot on the calendar to stop by their offices to say hello, seek guidance, or riff on an idea.

They’re becoming a standard business practice, as well. When UIT started to roll out the University of Utah Cybersecurity Program, weekly office hours were part of the implementation strategy, according to Clay Postma, director for UIT Partner Relations.

“Since we’re a group of professionals with a common interest — the cybersecurity of our university — office hours give our stakeholders a way to bring concerns and questions to the group without fear of ridicule or retaliation,” Postma said. “This group provides a safe space to ask the hard questions and receive the hard answers, discuss complex issues, get advice, and commiserate with peers.”

Facilitated online by UIT Partner Relations every Thursday from 3:00 p.m. to 4:00 p.m., a cross-functional team of subject matter experts fields questions and provides support for the U-wide Cybersecurity Program, an initiative authorized by President Taylor Randall in January 2023 (Randall’s letter to stakeholders and Chief Information Security Officer Corey Roach’s memorandum to faculty and staff are available in Box; login required). Postma credited the idea of holding office hours to Jake Johansen, director of Enterprise Security in the Information Security Office (ISO).

“When we were kicking off the program, we wanted to make sure that we had a way of quickly responding to questions and concerns. Jake suggested borrowing a page from our faculty colleagues and establishing open office hours,” Postma said.

Jim Cannon, a network administrator for University Connected Learning, said “having ISO leadership in the meetings conveys how important the topic is to the university.”

“I have also appreciated how the questions have been answered as to not tear down any one individual. Nobody is made to feel inadequate or unimportant,” Cannon said.

To request a recurring cybersecurity office hours invitation, please email the UIT Partner Relations team at Participation is encouraged but not mandatory.

Dean Keyek-Franssen, a business analyst for UIT Partner Relations, said “this kind of forum exemplifies the spirit of cooperation we strive for at the university, and we think it has proven to be a successful model.”

“Our opportunity is to foster and grow positive, collaborative relationships between UIT, university leadership, and university IT professionals as a way to successfully meet the IT needs of the university,” Keyek-Franssen said.

Cannon said the format “removes confusion of who to contact for the best information.” He said “a question asked by one participant could solve a problem for other individuals or departments that have the same question” and that “hearing other participants’ questions often stimulates further investigation into our IT environment.”

“Having a dedicated time for Q&A helps me know I can get answers to my questions in a timely fashion — that they’re not accidentally lost in email,” Cannon said.

Dustin Udy, associate director for the ISO Security Assurance team, said “it’s been nice to see so many people engaged and asking questions. It shows that people are paying attention and getting involved with IT security.”

Mars Jacobsen, an IT specialist for Red Butte Garden, said having an online space to collaborate “sort of ‘lifts the veil’ of university cybersecurity and allows me to take more ownership of the work we do to secure our digital environment.”

“We all function better together when we have cross-training opportunities such as this …” he said. “It helps to understand the goal [of the cybersecurity program] and the ins and outs of who, what, why, and how. I can better gain the support of my endpoint users, as well as our leadership, when I’m committed to the mission and feel like I’m supported in pursuing these goals. It’s also given me a lot of opportunities to learn and improve on an IT security-focused mindset.”

Postma said a popular discussion topic is the scope of device management in the context of university- and personally-owned devices.

“We’re a largely technical group, so we tend to start with facts, such as published policy or written guidance. Those give us a common baseline for discussion from which everyone can start on equal terms,” Postma said. “Sometimes we dig deep into these questions, both technically and ethically. I think that’s evidence that we take our partners’ concerns seriously. We’ll put the time in on the research and tap additional stakeholders with broader expertise where appropriate. This topic — device management scope — has demonstrated our commitment to understanding the community’s concerns, unique circumstances in their units, and microcultures.”

Jacobsen agreed, touting the group as a natural evolution of the shift away from silo mentalities in IT.

“We all come from many different backgrounds and have many different skills, and I like when we can share those skills with each other and work together. We don’t all have something to say every week, but I learn a lot just from listening to others speak,” Jacobsen said.

Treating one another respectfully and fostering an open exchange of ideas, Postma said, are key to the ongoing success of the weekly gathering.

“When we need to deliver ‘bad’ news, we try to frame it as an opportunity to improve: ‘We can’t do that, but here’s what we can do.’ Their success is our success,” he said.

The knowledge shared during cybersecurity office hours will continue to be supplemented by product demonstrations, such as a Tanium walkthrough on May 24 hosted by Hayden Waters, senior data security analyst for the ISO. For those unable to attend, a recording (in Microsoft SharePoint; login required) and slides (in Box; login required) are available.

Additional resources

Join the discussion

To request a recurring cybersecurity office hours invitation, please email the UIT Partner Relations team at